Look guys, you are thinking about this all wrong. Security is about how to protect yourself. The best way to protect yourself is to find that part of your protection that is weakest and fix it.
Arguments such as "why would anyone want to break bitcoin", or "you still only have 50/50 chance of double spending" are meaningless in this debate. These are not factors to what your weakest vector of attack is.
This is only a simple example, but what if state actor wished to see the devaluation of bitcoin? What would they do? The easiest thing I can think of is a rubber hose attack against the operators of the top n pools. Now with control of 75% or more of the hash rate the design of bitcoin IS COMPROMISED. Creative people *will* figure out what the best way to take advantage of that compromise is. Double spend, ruin the credibility of bitcoin, buy WMD, whatever is the most value to that actor. Never argue "why would...", "how" is the only argument and if there is a how you ARE vulnerable in that direction.
POOLS ARE BAD! They make a system that has demonstrable cryptographic security into a "I don't think that guy is cheating, why would he". FAIL!
STOP USING POOLS, or use one of the systems that make pools safe. If you argue that pools are safe then you are uninformed, or an NSA/CIA shill.
If you truly want bitcoin to succeed, then this is a fundamental issue that should be addressed.
I agree with you on many points, but I can't stop using a pool. Statistically, I'm never going to hit a block (assuming continued 30% difficulty increases). A pool is the only way I get paid. As difficulty continues to increase, this will be true for more and more people. The solution is: fix the way pools work so that this attack doesn't exist. People are working on that. See this thread for more info: http://forum.bitcoin.org/index.php?topic=9137.0;topicseen |
|
|
|
agreed - except i think you're an optimist. i give gold and silver less than 100 years as a store of wealth. nope, there's no long-term future in gold. hell, there's roughly 25 tons of the stuff in every cubic mile of seawater (concentration varies by location), and almost twice that of silver; according to the USGS: http://ga.water.usgs.gov/edu/whyoceansalty.htmlhumans have always been pretty good at extracting things from other things - and sooner or later, seawater will be cracked as well. there's been folks working on it for quite a while. sooner or later... Well then, all we need is a big water magnet. I'm going to be rich, lol. Very good points, in a cage match between bitcoins and gold for the long term... I don't know, hard to call. If bitcoins are still around in 2 year, I know who I believe would win. It just needs to make it through these first few years. |
|
|
|
interestingly, while difficulty jumped only slightly, the deepbit's hashrate jumped very significantly.
it seems like many miners are migrating to deepbit, probably for more stable payouts?
or other pools are very unlucky and/or unstable?
btcguild is under ddos. |
|
|
|
It is still a double spend, and it is even more obvious if you spend on the main chain first and then try to reverse it. Check your debug log. The node already flags chain reversions and double spends. Sites that wait for multiple confirmations can (should) be watching.
Yes, but the evil pool would not release the "bad" block chain until the first spend already had 6 confirmations, got sold, and sent to dwolla. Then the new block chain would roll it all back. |
|
|
|
I doubt Tycho keeps tens of thousands of BTC on his online infrastructure. His pool profits (~3% fee) only amount to ~100 BTC per day. But my counter example was also to illustrate that Deepbit, with its size, is now a valuable target to any attacker out there. The fact a pool owns ~50% of the hashrate is bad not only for Bitcoin, but also because it concentrates risk. My advice to users is to not keep any significant amounts of BTC in their Deepbit account.
Yes, but deepbit mines about 3,600 a day total, all of which has to be available if his users withdraw. I bet at least some uses don't withdraw everyday (although I do). It could easily have 5,000 in it. |
|
|
|
DamienBlack: I wrote this as a counter-example to your comment in another thread that a 50% attack would be statistically noticed in the global hashrate.
Yes you have a point. You are correct. A double spend attack could be done quickly. Quickly enough that no one would notice. But honestly, I don't think a double spent is that big a deal, and it can happen below 50%, there is no magic number there. Other people pointed out that at > 50% you can begin moving backward through the whole block chain with statistical confidence. That is true, and a more dire attack. But a pool wouldn't be able to pull that off because people would leave the poll in a day or two, and you wouldn't be able to get that far back in that time since you also have to keep up with the rest of the network while moving backward. You can never move backwards through the chain. The best you can do is pick a spot in the past and try to catch up. Yes, you are correct. My mistake. Thank you for pointing out that misconception. |
|
|
|
Step 10: A few minutes later, the legitimate block chain becomes longer than my forked chain, which invalidates the 500 BTC I transferred to TradeHill/Bitcoin7/MtGox. The 500 BTC automatically "reappears" in my original wallet. The exchange is short on BTC and is screwed. An investigation later in the day reveal that Tycho's pool was compromised. Tycho's reputation is ruined. People switch to another pool, which gains 50% of the hashrate. The attacker repeats the same attack on this other pool  This step won't work for two reasons. First, if the exchange sees your chain as legitimate, you need to assume that every miner also sees it that way. They will be working on the next block to extend your chain, not the old reverted chain. Your 500 BTC spend to the exchange will not be overturned on those grounds. Second, if you manage to somehow time your chain transmission so that it forces a race and gives the other chain a chance to get back on top, if it does take back over, every node on the network will instantly put your 500 BTC spend in their transaction list. Your recovery attempt will be seen as a double spend. So, you've spent 2 hours to get an instant transfer into an exchange when you could have just waited an hour. He has the order backwards, but it could still be done. You would spend on the "legit" original chain, and create a longer chain without that spend, then everyone works on that. It is two hours because that is how long it would take half the network to make six blocks, that is how long the attack would take, done correctly. |
|
|
|
How easy is it to look at what you are mining? Won't people see that they are working on a different block number than the current one? And shouldn't some people notice that they found blocks that don't show?
The block data is actually pre-hashed when given to miners in a pool. We have no idea what we are working on. This is the main problem, and various solution have been floated / are being worked on. You could check your successful blocks, but I don't think many people do. I don't even know of any mining programs that inform you. |
|
|
|
DamienBlack: I wrote this as a counter-example to your comment in another thread that a 50% attack would be statistically noticed in the global hashrate.
Yes you have a point. You are correct. A double spend attack could be done quickly. Quickly enough that no one would notice. But honestly, I don't think a double spent is that big a deal, and it can happen below 50%, there is no magic number there. Other people pointed out that at > 50% you can begin moving backward through the whole block chain with statistical confidence. That is true, and a more dire attack. But a pool wouldn't be able to pull that off because people would leave the poll in a day or two, and you wouldn't be able to get that far back in that time since you also have to keep up with the rest of the network while moving backward. |
|
|
|
|
If you hacked the site so thoroughly, you would probably have access to the pool's wallet, the one that makes payouts. I'm sure there is 10s of thousands. Take that and be done with it.
|
|
|
|
|
Sounds very awesome. I would love to see you and mt gox about equal in volume. That would give the bitcoin economy much more stability.
|
|
|
|
Bitcoins.
Thunder.
I'm alive.
I vote for this. Burmashave |
|
|
|
What if the hacker is ben bernanke and doesn't give a crap about bitcoins and just wants to see them fail.
Then he could much around for a few hours until people leave the pool. Then everything is ok (with maybe a minor blockchain rollback). |
|
|
|
|
You get right on that then. I'll be waiting.
Remember, if deepbit is 50% of the network, you'd only have about a 50% chance of this attack working (you making a longer chain than the rest of the network. Otherwise you'll probably be found out with no harm done. And this attack could work even if deepbit had 49% or 48% of 40%... the odds just start tilting against you.
|
|
|
|
Yeh, now you have to worry about
1) harddrive crashes
2) theft of your laptop
3) harddrive physical failures
I guess that's it.
1 and 3 are the same thing. Encryption and backup solves everything. And it looks like he has gone above and beyond that. |
|
|
|
I really dont see BTC being around in 5,000-10,000-25,000-2 million years. Do you?
Gold will be laying or being worn somewhere.
I'm not sure I even believe humans will be around 2 million years from now. All that matters to me is the next 20-50 years. This guy isn't trying to pass on the wealth to his descendants 5,000 years in the future. In 5,000 year, I expect gold will be a by-product of our cold-fusion reactors. There'll be more of it than we know what to do with. There will be landfills full of the stuff. If gold has any value in the distant future, it will be manufactured. Completely silly to think gold is a good store of value for the next 25,000-2,000,000 years. |
|
|
|
|
Bitcoins.
Thunder.
I'm alive.
|
|
|
|
|
But there are more miners now than there have even been, but profitability is quite low compared to the past.
And if miners show up when it is profitable, it will just increase the difficulty, decreasing profitability.
Anyway, we are just arguing in a loop. The system is well regulated, when there is a need for more miners, it will be incentivized.
|
|
|
|
|
Responsive as always tradehill. I applaud you. You would be my number one choice if your trade screen and market data looked just a little bit better. Give me fill-or-kill, all-or-nothing and stop-losses and I'm yours forever.
Oh, and others have complained about the $45 wire fee.
|
|
|
|
|
Show Posts
